CVE-2020-25449 – cabot

Package

Manager: pip
Name: cabot
Vulnerable Version: >=0 <=0.11.12

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00522 pctl0.65959

Details

Cabot Cross Site Scripting (XSS) vulnerability via Address column Cross Site Scripting (XSS) vulnerability in Arachnys Cabot up to and including 0.11.12 can be exploited via the Address column.

Metadata

Created: 2022-05-24T17:35:22Z
Modified: 2024-09-06T16:30:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8q2h-4mq6-396j/GHSA-8q2h-4mq6-396j.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-8q2h-4mq6-396j
Finding: F008
Auto approve: 1